Invision Power Board Search.PHP Highlite Parameter Cross-Site Scripting Vulnerability
BID:13532
Info
Invision Power Board Search.PHP Highlite Parameter Cross-Site Scripting Vulnerability
| Bugtraq ID: | 13532 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 06 2005 12:00AM |
| Updated: | May 06 2005 12:00AM |
| Credit: | James Bercegay of the GulfTech Security Research Team is credited with the discovery of this vulnerability. |
| Vulnerable: |
Invision Power Services Invision Board 2.0.3 Invision Power Services Invision Board 2.0.2 Invision Power Services Invision Board 2.0.1 Invision Power Services Invision Board 2.0 PF2 Invision Power Services Invision Board 2.0 PF1 Invision Power Services Invision Board 2.0 PDR3 Invision Power Services Invision Board 2.0 Alpha 3 Invision Power Services Invision Board 2.0 Invision Power Services Invision Board 1.3.1 Final Invision Power Services Invision Board 1.3 Final Invision Power Services Invision Board 1.3 Invision Power Services Invision Board 1.3 Invision Power Services Invision Board 1.2 Invision Power Services Invision Board 1.1.2 Invision Power Services Invision Board 1.1.1 Invision Power Services Invision Board 1.0.1 Invision Power Services Invision Board 1.0 |
| Not Vulnerable: |
Invision Power Services Invision Board 2.0.4 |
Discussion
Invision Power Board Search.PHP Highlite Parameter Cross-Site Scripting Vulnerability
Invision Power Board is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
This issue has been addressed in Invision Power Board version 2.0.4; earlier versions are vulnerable.
Invision Power Board is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.
This issue has been addressed in Invision Power Board version 2.0.4; earlier versions are vulnerable.
Exploit / POC
Invision Power Board Search.PHP Highlite Parameter Cross-Site Scripting Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
Invision Power Board Search.PHP Highlite Parameter Cross-Site Scripting Vulnerability
Solution:
The vendor has addressed this issue in Invision Power Board version 2.0.4.
Invision Power Services Invision Board 1.0
Invision Power Services Invision Board 1.0.1
Invision Power Services Invision Board 1.1.1
Invision Power Services Invision Board 1.1.2
Invision Power Services Invision Board 1.2
Invision Power Services Invision Board 1.3
Invision Power Services Invision Board 1.3 Final
Invision Power Services Invision Board 1.3
Invision Power Services Invision Board 1.3.1 Final
Invision Power Services Invision Board 2.0 PDR3
Invision Power Services Invision Board 2.0
Invision Power Services Invision Board 2.0 PF1
Invision Power Services Invision Board 2.0 PF2
Invision Power Services Invision Board 2.0 Alpha 3
Invision Power Services Invision Board 2.0.1
Invision Power Services Invision Board 2.0.2
Invision Power Services Invision Board 2.0.3
Solution:
The vendor has addressed this issue in Invision Power Board version 2.0.4.
Invision Power Services Invision Board 1.0
-
Invision Power Services Invision Power Board 2.0.4
http://www.invisionboard.com/act.ips/download
Invision Power Services Invision Board 1.0.1
-
Invision Power Services Invision Power Board 2.0.4
http://www.invisionboard.com/act.ips/download
Invision Power Services Invision Board 1.1.1
-
Invision Power Services Invision Power Board 2.0.4
http://www.invisionboard.com/act.ips/download
Invision Power Services Invision Board 1.1.2
-
Invision Power Services Invision Power Board 2.0.4
http://www.invisionboard.com/act.ips/download
Invision Power Services Invision Board 1.2
-
Invision Power Services Invision Power Board 2.0.4
http://www.invisionboard.com/act.ips/download
Invision Power Services Invision Board 1.3
-
Invision Power Services Invision Power Board 2.0.4
http://www.invisionboard.com/act.ips/download
Invision Power Services Invision Board 1.3 Final
-
Invision Power Services Invision Power Board 2.0.4
http://www.invisionboard.com/act.ips/download
Invision Power Services Invision Board 1.3
-
Invision Power Services Invision Power Board 2.0.4
http://www.invisionboard.com/act.ips/download
Invision Power Services Invision Board 1.3.1 Final
-
Invision Power Services Invision Power Board 2.0.4
http://www.invisionboard.com/act.ips/download
Invision Power Services Invision Board 2.0 PDR3
-
Invision Power Services Invision Power Board 2.0.4
http://www.invisionboard.com/act.ips/download
Invision Power Services Invision Board 2.0
-
Invision Power Services Invision Power Board 2.0.4
http://www.invisionboard.com/act.ips/download
Invision Power Services Invision Board 2.0 PF1
-
Invision Power Services Invision Power Board 2.0.4
http://www.invisionboard.com/act.ips/download
Invision Power Services Invision Board 2.0 PF2
-
Invision Power Services Invision Power Board 2.0.4
http://www.invisionboard.com/act.ips/download
Invision Power Services Invision Board 2.0 Alpha 3
-
Invision Power Services Invision Power Board 2.0.4
http://www.invisionboard.com/act.ips/download
Invision Power Services Invision Board 2.0.1
-
Invision Power Services Invision Power Board 2.0.4
http://www.invisionboard.com/act.ips/download
Invision Power Services Invision Board 2.0.2
-
Invision Power Services Invision Power Board 2.0.4
http://www.invisionboard.com/act.ips/download
Invision Power Services Invision Board 2.0.3
-
Invision Power Services Invision Power Board 2.0.4
http://www.invisionboard.com/act.ips/download
References
Invision Power Board Search.PHP Highlite Parameter Cross-Site Scripting Vulnerability
References:
References:
- Invision Board Forum (Invision Power Services)
- Invision Board Homepage (Invision Power Services)
- Multiple Vulnerabilities In Invision Power Board (GulfTech Security Research
)